Last week Facebook announced that as many as 600,000 accounts may be compromised in a single day. One of Facebook's proposed answers to such security issues is to let a user pick 3 to 5 "Trusted friends". Facebook will be adding two new security features that allow users to regain control of their account if it gets hijacked.

In Facebook's case, the keys are codes: the user chooses three to five "Trusted friends", each of whom is given a code. If you ever get locked out of your account (and you cannot access your email to follow the link after resetting your Facebook password), you gather the codes from your friends and use them to regain access. Yet, according to me, this very method, combined with a little social engineering, is what hackers have been using to hijack most Facebook accounts over the last 5-6 months. Let us see how this works...

How it is exploitable: this exploit is 90% successful against victims who accept friend requests from people they do not know, or who add friends just to increase their friend count. The method only works if 3 trusted friends agree to hand over their security code. The variant the author describes is to create 3 fake accounts and send the victim friend requests; once the 3 fake accounts are friends with the victim, they can be selected as trusted friends, receive the security codes and be used to reset the victim's password. A complete demonstration of the method is on HackersOnlineClub.

Other Serious Facebook Vulnerability in the Last Week:

Last week Nathan Power from SecurityPentest discovered a new Facebook vulnerability that allows EXE files to be attached to messages, which could lead to user credentials being compromised. Beyond account security, Facebook also has plenty of privacy issues: Nelson Novaes Neto, a Brazilian independent security and behaviour researcher, has analyzed a privacy issue in Facebook Ticker that allows anyone to follow your activity without your knowledge or consent. Facebook should take these privacy issues and security holes very seriously.

Last week we updated you about Duqu, when Symantec said it had found a mysterious computer virus containing code similar to Stuxnet, a piece of malware believed to have wreaked havoc on Iran's nuclear program.

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.

The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said. "This one is challenging," said Marty Edwards, director of the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

The Duqu trojan is composed of several malicious files that work together for a malicious purpose.

Duqu appears to be more narrowly targeted than Stuxnet as researchers estimate the new trojan virus has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems.

Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to provide their identities.

Duqu -- so named because it creates files with "DQ" in the prefix -- was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches.

Duqu and Stuxnet both use a kernel driver to decrypt and load encrypted DLL (Dynamic Link Library) files. The kernel driver serves as an "injection" engine that loads these DLLs into a specific process. This technique is not unique to Duqu or Stuxnet and has been observed in other, unrelated threats.

"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."[Source]

We have learned through reliable sources that PTA has decided to ban explicit websites. The information we have is preliminary; however, PTA officials have confirmed to us that the authority has taken the decision.

We are yet to ascertain the mechanism and procedures that PTA will adopt for the ban, but it is anticipated that PTA will maintain a list of blacklisted websites based on user input.

This decision is apparently due to the increased social and moral pressure PTA has come under in recent months. It is a significant decision by the authority and one that parents will welcome; the reaction from young people may be different.

This is a developing story, and we will update it as we get more information.

Update:

PTA officials tell us that a list of 150,000 websites has been sent to ISPs, mobile phone service providers and international bandwidth providers to be blocked. The process will take 8 to 10 working days, after which these 150,000 sites will be blocked in Pakistan. PTA plans to keep updating the list through user input and its own determination.

A Message From HackersMedia:

A Pakistani hacker called Zombie_KSA, from the group PakBugs, has hacked Pakistan's Supreme Court website, leaving the government this message on the site:

So I am here tO request you to go 0ut there and help the poor,needy and hungry.

They Dont have money to Eat one time Meal

They dont Have Clothes to wear

They dont have Accommodation !!

Sitting 0n y0ur r0yal chair w0nt make any changes to 0ur Pakistan

Baby m here tO Tell this mofo World that We are Pakistan ....Not Pornistan... & Sir i need ur help.. Since u have powefull balls and i request you to take action to ban porn sites in Pakistan. Read it again I request you to BAN Pornographic sites in PAKISTAN... PTA is paid whore... they dont give a damn shit about our complains... They can BAN Porn sites... ANd if they dont WTF they are paid for? Mr CJ m again requesting you to take somoto action against PTA. If you dont then i myself will... I will Roast PTA's Asses like I raped FIA... & If they cant or they wont then InshALLAH I will raise the 1337 gr33n flag high and ll Hack PTA like i hacked bef0re =) ...

@Webmaster:Mr.Malik Sohail Ahmad The data is intact, no harm done. The index file is only replaced with this message.Well Dude You Don't Know Nothing !! Here in PAKISTAN who has Degree He Is Monster and you Idiot is Webmaster of Supreme Court of PAKISTAN ? Death to U !! Learn Some Serious Shit Insane !!>

YES, I the Zombie_KSA fulfilled the promise i made on Supreme Court Site on 2011/09/27 yea baby..Read it Again... I the Zombie_KSA kept My words... & Pakistan Telecommunication Authority got STAMPED by Zombie_Ksa.

Baby m here tO Tell this mofo World that We are Pakistan ....Not Pornistan... & Sir i need ur help.. Since u have powefull balls and i request you to take action to ban porn sites in Pakistan. Read it again I request you to BAN Pornographic sites in PAKISTAN... PTA is paid whore... they dont give a damn shit about our complains... They can BAN Porn sites... ANd if they dont WTF they are paid for? Mr CJ m again requesting you to take somoto action against PTA. If you dont then i myself will... I will Roast PTA's Asses like I raped FIA... & If they cant or they wont then InshALLAH I will raise the 1337 gr33n flag high and ll Hack PTA like i hacked bef0re =) ...

Anonymous, the hacktivist collective, now appears to be backing down from its grandiose promise to "erase" the Toronto Stock Exchange from the Internet on November 7. "The one per cent has been putting their wealth in the Toronto Stock Exchange. This is why we choose to declare war against it," says the literally anonymous Anonymous voice. "On November 7, 2011, TSX shall be erased from the internet. And this is just the beginning." Anon previously threatened to erase the NYSE from the Internet, though that attack failed, and a couple of days ago Anonymous threatened to erase Fox News.

In a video release, Anon said:

"WE HAVE PUT A STOP TO THE OPERATION DUE TO ALOT OF CITIZENS OF CANADA THAT ARE A PART OF THE 99% DID NOT AGREE TO THE OPERATION!

WE ARE TRULY SORRY AND WOULD LIKE YOU TO KNOW WE ARE WITH YOU, AND WE STAND BY YOU WITH YOUR OPINIONS; BECAUSE WE ALL HAVE A VOICE.THANK YOU."

According to Facebook's infographic blog post, about 600,000 log-ins per day are compromised. That has given some people the false impression that that many accounts are compromised every day. Facebook's own clarification:

While Facebook does block (approximately) 600,000 log-ins per day, it is not that these Facebook accounts are compromised on Facebook, and certainly not that they're 'hacked' as some have written. There may be compromised accounts that appear on Facebook, but more often than not they are compromised off of Facebook--they use the same password for e-mail as Facebook, they get phished, etc. Compromised in this sense refers to log-ins where we are not absolutely confident that the account's true owner is accessing the account and we either preemptively or retroactively block access.

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting the firm's new security features. The new features include Trusted friends (called "Guardian angels" in the infographic).

Facebook says that you will be able to nominate three to five "trusted" friends who can help you if you have a problem accessing your account -- if, for instance, someone else has changed its password and also locked you out of your email account. The idea is that if you need to log in to Facebook but cannot access your email account, Facebook will send codes to your friends, who can pass them on to you.


Nathan Power from SecurityPentest has discovered a new Facebook vulnerability that allows EXE files to be attached to messages, which could lead to user credentials being compromised.

When using the Facebook 'Messages' tab, there is a feature to attach a file. Used normally, the site will not allow a user to attach an executable file. A bug was discovered that subverts this security mechanism. Note that you do NOT have to be friends with a user to send them a message with an attachment.

But Nathan Power found a way to upload an EXE. From the advisory: when uploading a file attachment to Facebook, we captured the web browser's POST request being sent to the web server. Inside this POST request reads the line:

Content-Disposition: form-data; name="attachment"; filename="cmd.exe"

It was discovered that the 'filename' variable was being parsed to determine whether the file type is allowed or not. To subvert the security mechanism and allow an .exe file type, we modified the POST request by appending a space to our filename variable, like so:

filename="cmd.exe "
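As an added illustration (not code from the advisory or from Facebook), the following Python reconstructs the kind of untrimmed blocklist check that the advisory's trailing-space bypass defeats, beside a hardened allowlist check on a canonicalised filename. The sample headers, the blocklist and the allowlist are constructed assumptions; Facebook's actual lists are not on the page.

```python
import os
import re

# Constructed sample part headers, modelled on the POST line quoted in the advisory.
# HEADER_BYPASS carries the trailing space inside the filename value that the page
# reports as the bypass.
HEADER_NORMAL = 'Content-Disposition: form-data; name="attachment"; filename="cmd.exe"'
HEADER_BYPASS = 'Content-Disposition: form-data; name="attachment"; filename="cmd.exe "'

# Hypothetical policy sets; the real lists are not on the page.
BLOCKED_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".zip"}


def parse_filename(header: str) -> str:
    """Return the raw filename parameter of a Content-Disposition header ("" if absent)."""
    match = re.search(r'filename="([^"]*)"', header)
    return match.group(1) if match else ""


def naive_is_allowed(header: str) -> bool:
    """Flawed blocklist check, reconstructed from the behaviour the advisory describes.

    The extension is taken from the untrimmed value, so "cmd.exe " yields ".exe ",
    which is not in BLOCKED_EXTENSIONS, and the upload is accepted.
    """
    ext = os.path.splitext(parse_filename(header))[1].lower()
    return ext not in BLOCKED_EXTENSIONS


def canonical_filename(raw: str) -> str:
    """Normalise an attacker-controlled filename before any policy decision:
    drop directory components, remove non-printable characters, and strip
    surrounding whitespace and trailing dots (Windows ignores both when
    resolving a name, so they must not influence the check)."""
    name = raw.replace("\\", "/").rsplit("/", 1)[-1]
    name = "".join(ch for ch in name if ch.isprintable())
    return name.strip().rstrip(". ")


def hardened_is_allowed(header: str) -> bool:
    """Allowlist check on the canonical name. Anything without a known-good
    extension is rejected, so padding tricks cannot produce an unlisted value."""
    ext = os.path.splitext(canonical_filename(parse_filename(header)))[1].lower()
    return bool(ext) and ext in ALLOWED_EXTENSIONS
```

An extension check is only one layer: the stored content should also be inspected independently of its name and served back as an inert download rather than executed or rendered.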

Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against Occupy Oakland protestors. A DDoS (distributed denial-of-service) attack against the department's website www.oaklandpolice.com is underway, and the website is currently unreachable.

AnonyOps tweet "I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD."

Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians.

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission. According to Bloomberg, the Chinese military is suspected of executing the digital intrusions, which targeted satellites used for earth climate and terrain observation.

Indeed, a Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, while hackers tapped into a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year. Interestingly enough, the report doesn't actually accuse the Chinese government of sponsoring or executing the four attacks.

However, it clearly states that the breaches are "consistent" with Beijing's military doctrine which advocates disabling an enemy's space systems, and particularly "ground-based infrastructure, such as satellite control facilities."[Source]

The TeaMp0isoN group of hackers has published a list of law enforcement websites that it claims are vulnerable to MSAccess SQL injection attacks. A TeaMp0isoN member with the codename "_f0rsaken" created a pastebin note with the following message for the police and the people of the world:

I do not like the Police. You beat on innocent and peaceful protestors for no reason other than that you want to protect your friends at the banks and yourselves to make money. It's all about money and the Police aiming to keep their job. Why did I decide on not releasing the databases? I want you to see for yourself how vulnerable these people really are and for you all to get an understanding on why I didn't release.

In this release I present you vulnerable websites that are open to MSAccess SQL injection. Below are official city websites that also the Police of that said area uses for their updates. Of course with all the money they make they couldn't spend a dime to invest into their security to make sure no breaches are bound to happen, they let petty vulnerabilities that still exist on their websites stay there with no fix.

Whatever you are storing fellow below cities, which I've seen from table names it isn't good, you better hope the rest of the Community who is smart doesn't find out what's to see ;-) You should of expected me a long time ago, now the realness is setting free the cage.

The SIX vulnerable sites as listed below

Message of ZHC:

Kashmiris observe October 27 as Black Day and consider it as the blackest day in the history of Kashmir. This is the Day when India landed its army in Jammu and Kashmir, in total disregard to the Indian Independence Act and Partition Plan in 1947.

In order to change the demographic composition of the territory, Indian troops, the forces of Dogra Maharaja Hari Singh, and Hindu extremists massacred over three hundred thousand Kashmiri Muslims within a period of two months.

We at ZHC remember this day and we wont allow any one to forget it for it was this day when our beautiful paradise was raped by indian hypocratic government. This day we wanna send just one msg to the indian government.

GO INDIA GO BACK TAKE YOUR ARMY OUT OF OUR BEAUTIFUL PARADISE.

India you dnt deserve the respect of kashmiri's , Your so called stupid leaders claim that artice 370 wud be abolished anytime and they wud send 10,000 ex army men to protect the pandits :) we say u send whole indian army still we wnt back down, We will fight till the last kashmiri stand's and this would be Gazwaye hind for which we are waiting since ages . This land equally belongs to pandits but not to any indian.We will welcome your army with our blood like we have done since 64 years.